CVE-2016-0701

Impact:
Moderate
Public Date:
2016-01-28
Bugzilla:
1301845: CVE-2016-0701 OpenSSL: DH small subgroups
It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42-style parameter files. An attacker who could force the peer to perform multiple handshakes using the same private DH component could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection.

Find out more about CVE-2016-0701 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

OpenSSL 1.0.2 provides support for generating X9.42 style parameter files. This feature does not exist in any previous versions of OpenSSL. Therefore versions of OpenSSL shipped with Red Hat Enterprise Linux 5, 6, and 7, and JBoss EAP and JBoss Web Server are not vulnerable to this security flaw.

Versions of OpenSSL shipped in Red Hat Enterprise Linux do not enable the SSL_OP_SINGLE_DH_USE option. However, most applications do not use SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh(). Most of them use SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() without setting the key. This has the same effect as setting SSL_OP_SINGLE_DH_USE.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 5.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat JBoss Web Server 3.0 openssl Not affected
Red Hat JBoss EWS 2 openssl Not affected
Red Hat JBoss EWS 1 openssl Not affected
Red Hat JBoss EAP 6 openssl Not affected
Red Hat Enterprise Linux 7 openssl098e Not affected
Red Hat Enterprise Linux 7 openssl Not affected
Red Hat Enterprise Linux 6 openssl Not affected
Red Hat Enterprise Linux 6 openssl098e Not affected
Red Hat Enterprise Linux 5 openssl Not affected
Red Hat Enterprise Linux 5 openssl097a Not affected

Acknowledgements

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Antonio Sanso as the original reporter of this issue.

Mitigation

External References

Last Modified